Audit of the Commonwealth Health Insurance Connector Authority (December 23, 2024)
December 23, 2024 · Commonwealth Health Insurance Connector Authority · Read the full official report on mass.gov ↗
source
“The Connector does not maintain a log of possible fraud complaints received.”
Read the plain-English breakdown
This is a state performance audit of the Massachusetts Health Connector, the public marketplace that helps residents and small businesses find health insurance.
“According to its website, the Connector’s mission is to “advance access to high-quality health care by serving as a transparent and transformative marketplace for Massachusetts residents and small businesses to come together and easily find, compare, and enroll in affordable health insurance.””
Auditors checked whether the Connector properly tested applicants’ eligibility, handled complaints, documented complaint resolutions, and trained employees on cybersecurity.
“The purpose of our audit was to determine whether the Connector did the following:”
If possible fraud complaints are not logged, the agency cannot show how many complaints came in, how serious they were, or whether they were handled properly.
“Without documentation of fraud complaints received, the Connector cannot monitor the number of complaints, as well as actions taken to address specific complaints.”
If you use or contact the Health Connector, better complaint tracking can make it easier for the agency to follow up, spot problems, and prove that concerns were handled.
“Anyone can request assistance from the Connector by telephone, email, or mail or in person.”
The Connector passed the audit’s eligibility-check and cybersecurity-training reviews, but failed the complaint documentation review.
“Did the Connector have policies and procedures to process complaints, and did it document the actions taken to resolve the complaints it received?”
The auditor recommended that the Connector create written complaint procedures and log fraud complaints with records showing how they were resolved.
“The Connector should develop and implement written policies and procedures surrounding the receipt and resolution of complaints.”
This matters because the lack of a complaint log leaves both managers and auditors without the records they need to evaluate whether the Connector is handling complaints well.
“This prevents Connector management from receiving relevant information to assist in the management and improvement of the operations of the authority and prevents auditors from receiving documentation to support audits that review the performance of the Connector.”
An “assister” means a trained enrollment helper who can explain coverage choices and help people find affordable insurance.
“An assister is a certified enrollment expert who can help applicants understand their coverage options, answer questions they may have, and help them find the most affordable coverage that meets their needs.”
What the Auditor checked
- Complied Did the Connector conduct eligibility requirement tests to ensure that all applicants receiving benefits met the criteria established by Sections 12.05 and 12.06 of Title 956 of the Code of Massachusetts Regulations?
- Did not comply Did the Connector have policies and procedures to process complaints, and did it document the actions taken to resolve the complaints it received?
- Complied Did the Connector provide cybersecurity awareness training to its employees in accordance with Sections 6.2.3 and 6.2.4 of the Executive Office of Technology Services and Security’s (EOTSS’s) Information Security Risk Management Standard IS.010?
What the Auditor found
Why it matters: Without a complaint log, the Connector cannot monitor complaint volume or document actions taken to address specific complaints.
Standard: Office of the Comptroller of the Commonwealth Internal Control Guide requirements and Massachusetts Statewide Records Retention Schedule requirements for complaint records. ( Section 10.01 of the Office of the Comptroller of the Commonwealth’s Internal Control Guide: Statewide Risk Management; Section 12.01 of the Office of the Comptroller of the Commonwealth’s Internal Control Guide: Statewide Risk Management; Quick Guide: Schedule Number 06–18 from the Massachusetts Statewide Records Retention Schedule; Chapter 11, Section 12 of the Massachusetts General Laws )
2 recommendations
- The Connector should develop and implement written policies and procedures surrounding the receipt and resolution of complaints.agency: agreed
- All fraud complaints received should be logged into the Connector’s privacy and security incidents log, along with documentation to support the actions taken to resolve them.agency: partially agreed
Agency response & Auditor reply
Auditor: "Based on its overall response, the Connector is taking measures to address our concerns regarding this matter."
More audits of this entity
Other Office of the State Auditor reports on Commonwealth Health Insurance Connector Authority .
- Audit of the Commonwealth Health Insurance Connector AuthorityAuthority / Commission · January 16, 2018